Google deserves scrutiny for its business practices as it becomes nearly a monopoly and the article makes good points about the possibility of unfair practices. They need to walk a straight line on that. That is a separate issue from the idea that the government should control the internet - 'net neutrality'.

Google's competitors have google-envy. Bing / Microsoft was caught up recently stealing google search results if not their algorithms.

I'm no fan of google's politics but the fact is Google built a better mousetrap right when we needed it, doing what previously wasn't possible. Their email is impressive too, and many other products, mostly free to use. They succeeded, so now we are supposed to take that away. We went through this with Microsoft just 10 years ago. The Clinton DOJ charged them and a judge declared they had a monopoly. He based the product category to include price - in other words it was determined that no one else sold all those capabilities for so low a price, thus the consumer is harmed - by the low cost provider. Wrong, the consumer was harmed by the slow, inept overpriced competitors not holding the leader to real competition. Likewise, Google searches and email and many other innovations are free to use, and that harms us.(?) Others need to make their innovations. Sometimes that takes a decade for someone else to drive a new innovation through the market to fill a void we don't even know. These innovations sprang from the idea that, if successful, they would be able to eke out a revenue stream from the traffic they generate for a pretty long time, and maybe even take a profit from their entrepreneurial risk and investment.

If Google (or Comcast etc.) is blocking someone else's ability to open their own site and offer their own searches and products on the internet with their own technology, code, algorithms, then that is another matter. Anyone can buy placement on google searches, they are called sponsored links. There has never been a better time for anyone to open an 'e-commerce site' or a better opportunity for a 'video programmer to distribute their programming over the Internet'. The Senator is pandering. Like Microsoft did before them, Google has made every other business on the planet more efficient and productive. Someone ask the Senator how that content would be distributed now without the pioneering work of these other companies building out the network that they ride on.

I don't know if you saw this post above. If not please review as it applies to "net neutrality". I think it makes some good points. The general idea of the government regulating or having control over the internet is not attractive at face value but the idea of letting private companies control the internet gates without some oversight is also unattractive. This article sums up the threat. I've learned the hard way how our lives can be more and more controlled as we continue this descent (or ascent for some) into endless electromagnetic interconnectedness:

Thank you CCP, I read it and I disagree. For example, "most Americans have only one choice of high-speed broadband provider". I don't believe that. I have only used my cell carrier for internet since the day that became available. It works almost everywhere and they have competitors. They paid for their buildout of towers and the network. They run their network and I have the right to switch carriers. If they collude, that is anti-trust, already illegal. I have never given a dime to the monopoly cable carrier, but they also compete with the 'monopoly' phone company DSL and other options, and we are out in the very outskirts of a metro. In the City of Minneapolis, they have City of Minneapolis WiFi. For some reason, inside the city you don't see other wifi networks. Government internet makes me think of Tunisian shutdowns and China censorship, not the rampant innovations that used to come out of silicon valley.

For me, oversight? - yes. Government in charge (other than fighting off things like unfair business practices) - no.

I will look further into that. For now, I am only conjuring up positive images of freedom and individualism from the wild west with maybe one sheriff and one deputy right there in the town, and negative images of the way things work now in Washington with lobbyists and staffers writing legislation for subcommittee hearings where 6th term incumbents can grandstand their pandering, backed by full federal enforcement across all the nation regardless of how bad the laws are. The goal used to be fiber to the home, now it is TSA to the home. I personally prefer the glory years of Silicon Valley running wild, when venture capitalists were winning and losing, but kicking ass technology-wise on all the state run economies in the world.

It is common for bureaucrats and regulators to lag behind innovation, and Republicans hardly need to lead the charge into taking down successful private businesses. As you point out, the Dems in congress and the Marxist panderers in the administration are already all over it. Very hard to get in front of them though I suspect McCain and Lindsey Graham may try to elbow in.

I don't follow the argument that Netflix with access to movies should ride free and protected on someone else's investment. If you force that in, you certainly lose unlimited low cost data plans for the rest of us. The alternative is allow the carriers to innovate data packet handling to accommodate all the increasing data intensive applications that their consumers are demanding. The government forced in how I already lost my low cost health plan to new rules coming to protect me, just like free checking disappears with stricter rules on bank service charges. When and where is it that regulators ever got it right?

What I have seen so far with carriers and content providers is that the companies with the best product and price points are winning market share. That scares a certain number of people who don't know freedom based capitalism.

What is the content that others are noticeably denied? My FREE browser and $15 unlimited data plan goes to any website in the world, as far as I know, a little slower than cable. My email has been free from the beginning and is better than ever. My searches are free and unlimited. Meanwhile, my home phone had a 60% tax on it the day I dropped it. 1000% oversight brought horrible service. My government water bill has more taxes than water in it. Alternatives are prohibited even though I am surrounded by water, from above, below and with a lake in 360 degrees.

The premise of the article is that consumers have no choice, there is only one toll bridge - no other way over the river. Implied is that no amount of innovation, investment or market competition will ever change that... without ... trumpet fanfare... new rules, new regulators and new agencies. I'm sorry but that is patently false IMHO.

All these people who hate their cable company should try canceling it - while it's still legal to do that. Otherwise look at the wealth of entertainment and information that flows through it and appreciate it.

I can easily shop verizon, comcast, anything else and switch carriers right through a sprint connection. No one is blocking anything. If they make the content that I want hard to get, I can switch. The false monopoly argument assumes that internet has to come through the only set of wires to your home, ignoring that you maybe have 3 sets of wires to your house and everything is rapidly moving to wireless. My daughter's internet is through the neighbor's wifi. Hog their bandwidth and out she goes. With government internet, that arrangement would be highly illegal instead of neighborly and charitable. Where you have only one carrier is likely where some government program forced it in, rather than letting free people choose where they want to live based (partly) on services available.

To me, it is conceptual. There is nothing wrong that I think government would run better. IMO it is the exact same situation as health care. You can always point to something wrong, but most of that is already illegal. None of that logically leads to the other extreme, put big government in charge of making the most difficult healthcare decisions or controlling every aspect of internal network data packet prioritization, billing and everything else. It just doesn't make things better.

The static assumption, just like health care, is that private innovation is done, now regulate the apparatus (that was built by private companies with private investments) to make sure everything is distributed evenly, fairly and miserably. It is self-fulfilling. When the regulatory industry takes over, they will be right - the innovation is done. They only know how to completely discard the principles of free enterprise and risk-based capitalism that made all this possible in the first place.

I was pleased to see that my Sen. Al Franken agrees with me that Net Neutrality is to the internet what PelosiObamaCare is to healthcare, capped with criminal penalties.

The analysis at the bottom yesterday by Ed Morrissey of Hot Air (and Townhall Northern Alliance Radio) is about the same as mine. The customer is the cable internet subscriber, not the content provider. If the highly demanded App is NetFlix and the download time is unacceptable or blocked, people will go elsewhere. Is a grocery store required to sell a fresh orange or a bottle of soy sauce? No, but they would get very tired of people asking why something isn't available and go elsewhere. Our economic system of choice works better than the centrally dictated model. The beauty is that the worse the service is at the pseudo-monopoly, the more room they leave for alternatives to emerge.

---------------------------------

http://hotair.com/archives/2011/03/15/conyers-obamacare-a-platform-for-government-takeover-of-health-care/

Senator Al Franken says that the charge that Net Neutrality amounts to a government takeover of the Internet is just as silly as claiming ObamaCare to be a government takeover of health care. And just to prove how Net Neutrality doesn’t amount to a government takeover, Franken wants government to respond to violations of Net Neutrality rules with criminal prosecution:

Sen. Al Franken (D-Minn.) plans to introduce a bill that would make net neutrality violations a crime.

The Justice Department cannot take enforcement actions against cable and phone companies who block websites, according to experts and congressional Democrats.

Franken said in a speech at the South by Southwest conference on Monday that he is planning legislation that would amend antitrust laws to “call violations of net neutrality out for what they are: anti-competitive actions by powerful media conglomerates that represent violations of our anti-trust laws.”

Huh? Internet companies act in a competitive market; they have to compete for consumers, albeit in some cases in restricted markets. Wireless carriers, however, have a robustly competitive environment, and even the wired industry usually has two or three options for consumers in most cases. If one carrier starts blocking websites, consumers will vote with their feet and go to the provider who doesn’t restrict access to them.

It’s amazing to see how Franken can argue that Net Neutrality laws don’t mean a government takeover of the Internet and then demand that people who don’t play along get prosecuted for it.

Gilder is a member of the board of directors of Wave Systems Corp. and chairman of that company’s executive committee. He is a senior fellow at the Discovery Institute in Seattle and has been a contributing writer for FORBES since 1981.

A noted author, Gilder earned a bachelor’s degree at Harvard University and was later a fellow at Harvard’s Kennedy Institute of Politics.

Click through to watch the video of Steve Forbes’ interview with tech guru George Gilder.

Broadband Miracle

Steve Forbes: Good to have you with us, George. With all this pessimism around, at least give us one good thing that’s happened in the last ten years. You’ve talked about the broadband miracle, where we went from way behind to surging ahead.

Gilder: Well, we sure did. The irony about it is this broadband miracle that’s happened in the United States over the last five years or so was totally unanticipated by the people who wanted massive government programs to lay fiber to every remote farmhouse.

Instead we had a 553-fold increase in wireless bandwidth deployed over this period — completely unexpected — that thrust the U.S. into the world lead again in communications. It shows these upside surprises that are the essence of capital creativity. Creativity always comes as a surprise to us. If it didn’t, we wouldn’t need it and socialism would work. You could plan these great new technologies.

Forbes: As Bell once thought it could do.

Gilder: That 553-fold increase in wireless broadband, nobody imagined really. I mean, it startled me with its speed and overwhelming impact.

Forbes: Well, pat yourself on the back — you called them teleputers years ago. Now we call them smartphones, tablets, iPads. Explain it.

Gilder: I always said that your computer would not be a desktop machine; it would be as mobile as your watch, as personal as your wallet. It would recognize streets. It would recognize speech. It would navigate streets. It might not do windows, but it would do doors and it would, in general, open doors to your future. And these teleputers are really the force that is driving this massive global roll out of wireless bandwidth, which was pioneered in the United States.

Bell’s Law and Moore’s Law

Forbes: Now, before we get to all the things that stand in the way of reaching the true harvest of all of this, explain some of the areas of great creativity. Let’s start with a thing called cloud computing, which I guess you’ve pointed out as Bell’s corollary to Moore’s Law.

Gilder: Yeah. As Gordon Bell, who was one of the great figures of Digital Equipment and is now at Microsoft, propounded Bell’s Law, which is sort of a corollary of Moore’s Law. Moore’s Law is that the number of transistors on a chip doubles every 18 months or so.

And he projected this into Bell’s Law, which is every ten years you got a 100-fold increase in computing capabilities. And this enables and requires a fundamental change in computer architectures. And we’re seeing it today in the rise of cloud computing.

As Eric Schmidt said, when the back plane of your computer runs more slowly than the network, the computer hollows out and distributes itself across the network. And that’s essentially what is underway today, where the actual computing is almost never done or rarely done in the device that you have in your hand or on your desk.

Fiber Speed

Forbes: Or in even the software. Now, some would say that’s centralization, which the French tried to do years ago, you remember that. But you see it as profoundly different.

Gilder: You still have a lot of processing power. The teleputer has more processing power than whole IBM mainframes that attempted to centralize computing in the past. Computing is more widely distributed than ever before in history. But nonetheless, a lot of the computing is not done where you happen to be. It’s done at the optimal point.

So what it means is that computing power gravitates to its optimal point geographically. And that’s the advent of cloud computing. And it’s resulted in an efflorescence of creativity and computer architectures because everything now has to run at fiber speed, that is, at the speed of fiber optics, which is the speed of light.

And so all the various devices in the entire computer universe have to be upgraded to fiber speed functionality. And that is the transformation that’s currently underway in the world economy — the upgrade to fiber speed. And it’s really my paradigm which I use as an investor to decide where to put my money and my customers’ money.

Forbes: So what are some of the companies that you feel are in the forefront of this transformation?

Gilder: Well, there are several in Israel because Israel’s really genius under the gun. That is a very productive environment. EZChip is one. EZChip is a wonderful company that’s completely in the fiber speed paradigm. In the United States, there’s a company called NetLogic, which raises the fiber speed paradigm from just switching packets across the network to actual deep packet inspection.

They have knowledge processors that are crucial in this development of deep packet inspection, which entails looking at the contents of packets at millions of packets a second and collectively trillions of packets a second. This is a major frontier in the world computer industry and there are a number of companies that do it.

But I always look for the chips that embody the crucial functionality rather than the various systems that are developed around those chips, because they change from year to year. But if you get a real edge in the production of the chips, as NetLogic does and EZChip does, you can get an enduring creation of value.

Israel And The US Economy

Forbes: Now, you’ve made the point, as a handful of others have, that knowledge is about the past, entrepreneurship is about the future. Even looking at the world today in terms of foreign policy: You say “Middle East” — people think oil. You’ve made the point that Israel, with its brains and what it’s doing in high technology, is really a functional part of the U.S. economy, which is where the real value is.

Gilder: Well, it’s just wonderful that Israel has become a new Silicon Valley just as our own Silicon Valley gets paled over by green goo. Israel is moving to the forefront in developing new technologies that are based on fundamental advances. And these technologies instantly propagate to the United States. So, Israel is a substitute for a somewhat temporarily declining Silicon Valley.

Forbes: So it’s sort of like a baseball team. It’s our farm system.

Gilder: Yeah, it’s our farm system. And it’s just been great. Israel is the key asset in the Middle East. This idea that oil, a fungible element that can be sold anywhere, is comparable to the genius of the Jewish people in Israel is just an absurdity.

Israel is where it’s at in the Middle East. And the leading edge of the U.S. economy today is in Israel, surprisingly enough. I was surprised to discover it, but in the last five years I’ve been increasingly turning to Israel for my new companies.

Telegraph To Teleconference

Forbes: Before we get to what’s made Silicon Valley, as you call it, a valley of green goo and some other obstacles, let’s hit on a couple of the other areas where you see enormous creativity. Interactive video, video teleconferencing and the like. You feel that it’s just exploded in terms of technology.

Gilder: Well, this is absolutely crucial. And this will require another transformation of the existing Internet as great as the transformation from the telegraph to the public switch telephone network 50 years ago or more. That created this great public switch telephone network that could deal with voice — the telegraph system could not deal with voice.

Now, we have this vast data-oriented Internet that has to be upgraded to do interactive, full-motion, even 3-D video. And that’s a transformation like the transformation to voice. It will require a new network, a completely interactive fiber-speed network. That’s why I’m focusing on fiber speed technologies and the new architectures, new computer architectures that are indispensable to achieve this level of performance.

Forbes: And what are the companies you think are in the forefront there?

Gilder: Well, cloud computing — the immediate field is moving up to layer five, which is sessions. It’s called sessions. And to conduct voice or video sessions across the network in real time, you need to be able to interact between all sorts of different kinds of networks.

And this requires entities called session border controllers, which I think resemble routers in their impact. In previous eras the router dealt with all the different networks at layer three, but now it has to be real time, so it’s as if the whole router infrastructure has to be upgraded to layer five.

And companies like Acme Packet and Audio Codes — which is another Israeli one, and there are lots of others — that are doing that. Then that entails deep packet inspection, because if you’re doing all these things, all different networks across the world, you want to know what the content is of the various packets that are coming to you to make sure they aren’t part of some cyber attack or whatever. That’s why I like these companies that do deep packet inspection, including NetLogic. And Cavium also does chips for that purpose. These chips are going to be increasingly in demand as time passes.

Nanotechnology

Forbes: Now, another area of creativity you’ve referenced in the past is one that you’ve pointed out has a lot of hype but now really seems to be perhaps coming into its own, nanotechnology.

Gilder: Well, nanotechnology was full of hype at a time when they said, “Oh, we’ve got carbon nanotubes. They’re 100 times stronger than steel and they have all these wonderful characteristics. And we’ll use them to make memory cells or new kinds of transistors.”

In other words, they were trying to retrofit this radically new capability into the old digital computer model. The fact is, nanotubes do all kinds of unique things and they won’t prevail until those unique potentialities are explored. And the one that I’ve invested in myself, a company called Seldon Technologies up in Windsor, Vermont, uses carbon nanotubes to make a straw that you can stick into a septic tank and drink potable water out of it.

Forbes: Is this your NanoMesh straw?

Gilder: The NanoMesh straw. And that’s made with tunable carbon nanotubes. So you can actually change the filtration function that you want to perform in these nanotubes. There are tens of thousands of these devices going to the American military now.

Forbes: So they work.

Gilder: Yeah, they work. And they’re also beloved of NASA because they think it’s the only way they’re going to be able to filter lunar dust. And that’s going to be a big market one of these days. They named Seldon as one of the 50 best technologies, supported by NASA. Nanotubes are beginning to emerge as a really crucial technology and it’s exciting to see it. You’ve been predicting it for decades.

Forbes: I have the hair to show it, too. Now, another area you liked in nanotechnology is building and construction materials. You pointed out that if you’re concerned about global warming, well this is right up their alley.

Gilder: Well, I’m not concerned about global warming.

Forbes: Neither am I. But those worriers can embrace this technology, positive technology.

Gilder: Yeah, this is a positive technology. The one I invested in was called iCrete. And actually Gary Winnick was a leading investor and leader of iCrete, which makes concrete that’s ten times stronger. It enabled the Freedom Tower to get off the ground.

It’s beloved of Frank Gehry. It’s a new way to make concrete that is a fundamentally different chemical binding that yields concrete that’s ten times more durable and more cost effective and thus uses less energy usage in making a building of a particular strength.

Security In The Clouds

Forbes: Now, going back for a moment to cloud computing. Nothing comes without challenges. How about security? How do we keep the hackers at bay since there’s a lot of valuable stuff in the clouds now?

Gilder: Well, I, myself, have been on the board of a company for a long time called Wave Systems that I love. But I really shouldn’t be touting my own company.

Forbes: Why not? As long as it’s full disclosure, the police won’t arrest you.

Gilder: Okay. You never know these days.

Forbes: That’s true.

Gilder: But anyway, they use something called a trusted platform module that is in every computer or every high-end computer and increasingly spreading throughout all of the computer world. And this is appropriate to distributed computing where. Now the firewall is just an obstacle to computing. It doesn’t increase security, it just provides a new focus for attack because the people have left the building.

It’s the end of the LAN. I’ve been talking about LAN’s end for a long time. The local area network is now a planetary utility and that requires that security migrate to the edge. And the way to do that is through trusted platform modules and that’s what Wave uses.

Forbes: So the good guys can stay ahead.

Gilder: Yeah.

Forbes: Now, you mentioned deep packet — that gets this whole area of regulation, the FCC. What do they want to do with deep packet technology?

Gilder: Well, a lot of people are afraid that deep packet inspection is a threat to privacy. And this is just mischievousness. Deep packet inspection is absolutely critical to our technology and the advance of digital technology, because you can’t really have cloud computing, you can’t have video teleconferencing, you can’t do any of the new promise of broadband without having ways to differentiate among different packets and repudiating all ideas of network neutrality.

You’ve got to treat each packet differently, the way it deserves to be treated. And you’ve got to kick out the criminal packets and cyber warfare packets. And so deep packet inspection is not only crucial commercially, it’s also crucial militarily.

Our great advantage as a country is that we have technology that’s developed commercially and is used by customers all over the place. And thus it can move down the learning curve faster and actually create capabilities which at the high end are useful for defense.

Edward Teller told me, and I’ll never forget it, he made the point way back 30 years ago when I interviewed him. He said that democratic countries have no advantage over totalitarian countries in secret classified defense projects. After the Second World War, the Soviet Union even outperformed the U.S. for a while. They sent up Sputnik first and developed or copied our nuclear technology readily.

Secret projects are not the source of America’s leadership. It was the computer industry and the semiconductors and the software and the proliferating efflorescent private commercial technology that gave the U.S. the world lead in defense and which is the heart of America’s defense advantage today, which is information technologies and pattern recognition technologies. It’s the same with Israel, and that’s why our two countries are so interdependent.

Forbes: Now, talking about regulation, what’s with the FCC? Now the FTC is threatening to get its claws in the Internet. Is it just the bureaucratic imperative of something’s there, you must control it?

Gilder: Yeah. Yeah, it’s just really horrible, this effort to fixate on an existing technology that is changing more rapidly than perhaps ever before in history. I’m describing this transformation from a world essentially of telegraphs, the current Internet, to a world of video teleconferencing, which requires a whole series of fiber-speed breakthroughs that have to exploit the best possible business plans at the front end or they’re going to fail.

For the FCC to intervene and try to manipulate the industry and impose various rules on it that restrict what might be profitable and successful plans that can sustain a new economy, like this new wireless breakout that’s happening today, is just perverse.

Bridge To The 19th Century

Forbes: You’ve referred to many venture capitalists in California and elsewhere as welfare pimps, loony-bin politicians. What in the world has happened? First — as we were discussing before we did the taping — in terms of mistaking Moore’s Law for what you can do with solar panels and energy, and then we’ll get to this addition to government subsidies.

Gilder: Yeah, well, you know, venture capital is absolutely central to the future of the American economy. It’s radically less than 1% of total GDP and yet the companies it supports currently comprise close to 20% of GDP, maybe more now.

It’s just catalytic seminal capital that’s absolutely crucial. And that’s why the worst development in the United States, in my view, in the last few years and at least on the private side, is venture capitalists becoming poverty pimps.

They aren’t any longer generating new wealth. They’re angling to get part of your wealth and my wealth to support their green dreams of medieval energy sources like windmills. I mean, you can’t parody this return to the Middle Ages looking for new technologies. This is what always happens. The government props up the past in the name of progress. The trains – we’re supposed to go back to old train technology of 50 years ago and create a new train network, and people have actually imagined that people will abandon their cars to take trains everywhere.

It’s not that there isn’t a profitable train industry, but the idea that the government needs, today, to make a major new investment in the name of progress and trains or in solar power or in windmills is a parody of creative destruction of Schumpeterian capitalism.

Forbes: I call it a bridge to the 19th century.

Gilder: A bridge to the 19th century, that’s right.

Forbes: And then solar panels, the problem there is even though it’s portrayed as futuristic, as you say you cannot get a doubling every 18 months.

Gilder: No. No, I mean solar panels are useful in many niches and solar energy is valuable, but as a replacement to the grid or a replacement for the massive amounts of power needed to fuel electric cars or whatever it is, it’s just a joke. Solar panels are based on the incident sunlight that hits photo detectors. And their size is governed by the wavelengths of sunlight, not by the imagination of engineers who are contriving ever more miniaturized transistors down the Moore’s Law learning curve.

CFOs Know Nothing

Forbes: Finally, a favorite saying of yours, you quote Peter Drucker that CEOs and CFOs, the myth is that they actually know what is happening to their companies. Explain.

Gilder: Well, Peter Drucker is a great genius who has made many wonderful contributions to Forbes and to Forbes conferences. And the last Forbes conference, a CEO conference, he almost fell off the stage. He was really precarious and everybody was just terrified that he was going to be interrogated.

And then finally he pulled himself together and said, “I have only one thing to tell you CEOs. No one, and I mean no one, in your company knows less about your business than your CFO, your chief financial officer.” And what he’s conveying is that businesses are really governed not by what’s going on inside, but the future of them is determined by two groups, customers and investors who are outside the company.

And they can change their minds in an instant. The idea that CEOs and CFOs, by poring through the financials, can project the future and know what’s happening in the minds of these forces beyond their walls, is quixotic. They don’t know.

That’s why, again, it’s this illusion that the surprises of capitalism can be captured in some computer model or some socialist plan. They can’t. It’s the upside surprises that Peter Drucker said signify the big opportunities. And the other great Drucker statement is, “Don’t solve problems. That plunges you into the past. Pursue opportunities.”

That’s the key entrepreneurial role, pursuing opportunities, which often leaves the problems behind by transforming the whole landscape as wireless broadband did. People thought wireless broadband was a contradiction in terms and it may end up being the dominant form of broadband.

Forbes: So as in the old days, instead of worrying about horse manure in the cities, invent the automobile.

Gilder: That’s right.

Forbes: George, thank you very much.

Gilder: Well, thank you. It’s been great, as always.

Click through to watch the video of Steve Forbes’ interview with tech guru George Gilder.

"Gilder: That 553-fold increase in wireless broadband, nobody imagined really. I mean, it startled me with its speed and overwhelming impact. Forbes: Well, pat yourself on the back — you called them teleputers years ago. Now we call them smartphones, tablets, iPads."

Well nobody INCLUDING Gilder imagined. I recall he was big on fiber as being where the giant explosion will be. He certainly did predict the world altering effects of the internet no doubt.

My memory agrees with yours, though IIRC it was discussed on the Gilder forum. BTW I have what is for me a large position in CREE now. I am up about 80%.

Here's Tricky Dog's comments on the Gilder interview:
==========================
Interesting - nice to know Gilder has not lost all his glitter.

Re: cloud computing - he sounds like his cloud knowledge is a bit shallow - or he was speaking in shallow terms for easy comprehension. Cloud computing is a difficult transition to grasp well. Just came back from Cloud Connect in San Jose last month myself. Happy to give you an update in person - too lengthy to send an email missive.

His emphasis on DPI (deep packet inspection) is challenged - there are certainly opportunities but they are not going to be dominant. The incredible increase in traffic won't allow for DPI to keep up, no matter how good the chips are.

And then there's the rubbish about net neutrality ... he apparently has investments in companies down in the networking layer (e.g. DPI). Silly boy - the network was commoditized a long time ago. The whole issue with providers whining about net neutrality is because they missed the bus and want the monopoly back on their old business. The services layer is where the action is (e.g. cloud computing) and exploiting the crap out of the network is just leeching because you don't have a service play. Gilder is being two-faced when he criticizes the government and goes on about a bridge to the 19th century......

Gilder missed the WiFi component of wireless but was all over Qualcomm from the beginning for having the technology to transfer data over wireless. The smartphone was something Gilder has described almost since Get Smart called Agent 99 on the world's first cell phone. When your business is predicting the future, being wrong or partly wrong is part of the experience. (Don't buy the stocks.)

Time will tell what role these deep packet inspections will play. I am surprised that it is possible to read packets at all at the speed of light, and then 'route' them.

Net Neutrality looks like the full employment act for trial lawyers to me - aren't they already fully employed? A law I assume that would state simply that no packets shall face discrimination. A consumer's Netflix download has to go in its entirety ahead of a bank robbery hostage situation in process message, if his 10 films were requested before shots were fired at the bank. I don't think it will ever be all non-prioritized traffic. Instead implementation will look more like ObamaCare with a 1000 exemptions right out of the gate, and politicians and bureaucrats can decide for us what are our priorities and who has lobbied the hardest. Do we want spam for example to flow through undiscriminated? Child porn, nuclear secrets, intentional attacks on competitors' websites? Of course not, but who will decide? And at what speed? I am trying to visualize the Federal Department of Internet with traffic cops at each speed of light rolling stop viewing the network providers routing choices on the fly and writing tickets for breaking a law with a thousand exemptions that prohibits one particular choice that a provider made. Seems to me that innovation ends when government takes charge.

The argument I am hearing is that government needs to step in because a potential problem could occur in the future. Implied is that - luckily - no potential downside or unintended consequence will ever come with a whole new department of federal regulations inspecting our everything. I don't buy it. I would like to first learn of one function of government that innovated faster, for the consumer, than the history so far of the private sector-based broadband internet buildout.

Net Neutrality Override

The House votes to stop the FCC's Internet power grab.

The Obama Administration continues to ignore court decisions on Internet regulation and use agencies like the Federal Communications Commission to circumvent Congress. We're happy to see House Republicans vote to overrule this behavior.

Two days before Christmas, the FCC issued "net neutrality" rules on a partisan 3-2 vote that restrict how Internet service providers like Comcast and Verizon can manage their network traffic and serve customers. The regulation is a favorite of big Web content companies and Naderite consumerists who want more political sway over the Internet.


Congress has never given the FCC authority to regulate the Internet, which is why the D.C. Circuit Court of Appeals ruled against the agency last year when it tried to enforce net neutrality rules against Comcast. FCC Chairman Julius Genachowski nonetheless pressed ahead, despite the absence of any market failure or consumer harm that might justify new rules.

Last week the House voted 240 to 179 to reverse the rule-making. Representative Greg Walden of Oregon introduced the measure under the Congressional Review Act, which allows Congress to overturn agency rules with a simple majority in the House and Senate.

On the House floor, Energy and Commerce Chairman Fred Upton said the FCC had "overstepped its authority and is attempting to seize control of one of the nation's greatest technological success stories." He's right. By the FCC's own reckoning, 95% of the country has access to broadband, and inside of a decade the number of Internet users has grown to 200 million from eight million. Meanwhile, prices are falling and choices are expanding. Almost no mobile applications were available to consumers in 2007. Today there are more than a half-million, and they're growing at an annual rate of 92%.

The resolution now moves to the Senate, where only 51 votes are needed. But President Obama has promised to veto the measure if it reaches his desk, and 67 Senate votes would be needed to override the veto. Whether enough Democrats would vote with the GOP to do that is an open question, though we wouldn't dismiss the possibility of some bipartisan support given the number of Senate Democrats up for re-election next year.

The exercise is still useful in reminding the White House that the Constitution delegates lawmaking to Congress, not political appointees at the FCC. It also might have a chastening effect on the Administration, which has turned to rule-making agencies like the FCC and the Environmental Protection Agency to push an agenda that it can't get through Congress.

Mr. Obama insists that he's focused on economic growth and innovation. He could do that goal a favor by letting Congress override his politically-driven FCC.

One subject of the third round of the U.S.–China Strategic and Economic Dialogue will be cybersecurity. Part of Secretary of Defense Robert Gates’s proposed Strategic Security Dialogue, it reflects the growing prominence of cybersecurity in Sino-American strategic relations.

The concerns include computer network exploitation and computer network attacks, but also tampering with the physical infrastructure of communications and computer networks. Vulnerabilities could be introduced in the course of manufacturing equipment or created through purchase of malignant or counterfeit goods. Recent experience highlights these problems.

Such possibilities have brought calls for trade barriers, ranging from random entry-point inspections of various types of goods and equipment (e.g., chips and routers) to prohibition of some imports (e.g., communications hardware), especially from a major manufacturer, the People’s Republic of China (PRC).

The trade proposals tend to be vague because the cyber threat itself, while real, is vaguely presented. While an ill-defined threat certainly bears watching, it does not justify protectionism. Cybersecurity is largely classified, but trade is not, and trade policy cannot be held hostage to cybersecurity unless specific dangers are put forward.

What Is the Threat?

A longstanding fear has been that cyber attacks against the U.S. might result in disruptions to power, banking, and communications systems at a critical moment. The cyber attacks on Estonia and Georgia, which disrupted commerce and communications, raise the specter that the U.S. might undergo the equivalent of a cyber Pearl Harbor. Efforts by the Defense Advanced Research Projects Agency (DARPA) to improve verification capabilities highlight the limitations of current computer engineering skills in, for example, diagnosing cyber intrusions. Initial studies on the Trusted Integrated Circuit program, seeking to create a secure supply chain, were requested in 2007. As of late 2010, DARPA was still seeking new research proposals for determining whether a given chip was reliable, and whether it had been maliciously modified, as part of the Integrity and Reliability of Integrated Circuits (IRIS) program.[1]

A more recent worry is vulnerabilities “hardwired” into the physical infrastructure of the Internet. In the last several years, the FBI has warned that counterfeit computer parts and systems may be widespread.

This can manifest itself in two ways: fake parts and systems, which may fail at dangerously higher rates, or contaminated systems that might incorporate hardwired backdoors and other security problems, allowing a foreign power to subvert a system.[2] Similar problems have been identified by American allies; the U.K. has identified counterfeit parts entering into its military supply chain.

Much cyber-related attention has been focused on the PRC. China is reportedly the source of many of the hacking efforts directed at U.S. military and security computer networks. Chinese computer infiltration has reputedly obtained access to such sensitive programs as F-35 design information. Such efforts as Titan Rain, Ghostnet, and others have reportedly attacked U.S. and other nations’ information systems systematically and have infiltrated email servers and networks around the world. One example is the “Shadow network,” which affected “social networking websites, webmail providers, free hosting providers and services from some of the largest companies.”[3] Many have been traced back to the PRC—but attribution to any specific Chinese entity is extremely difficult.

A growing concern is that China can exploit its position as one of the world’s largest producers of computer chips, motherboards, and other physical parts of the Internet to affect American and allied infrastructure. China has apparently already demonstrated an ability to tamper with Domain Name System (DNS) servers based in China, “effectively poisoning all DNS servers on the route.”[4]

The fear is that they could now affect foreign-based routers. In this regard, the issue of Chinese counterfeit parts is compounded by uncertainty about whether fake parts are being introduced as part of a concerted intelligence campaign or simply the result of profiteering by local contractors.

Public Information Is Lacking

The arcane nature of the threat enhances uncertainty. Understanding the workings of computer viruses, patches, and the vulnerabilities of routers or microchips is difficult. Comprehending the intricacies of global supply chains and tracing the ultimate source of sub-systems and components can be equally difficult. Former NSA and CIA Director General Michael Hayden writes that “Rarely has something been so important and so talked about with less clarity and less apparent understanding.”[5]

Several studies highlight some of the myriad vulnerabilities.

The 2005 Defense Science Board Task Force on High Performance Microchip Supply identified the growing security problem of microchips being manufactured (and more and more often designed) outside the United States.

The 2007 Defense Science Board Task Force on Mission Impact of Foreign Influence on DOD Software noted that software frequently incorporates pieces of code from a variety of sources, any of which might be a point of vulnerability.

The 2008 National Defense Industrial Association’s handbook “Engineering for System Assurance” provides a comprehensive overview of system assurance, which in turn highlights how difficult it can be to achieve it.

Over-classification is also a problem. General Hayden notes that much of the information on cyber threats is “overprotected.” Greg Garcia, head of the Bush Administration’s efforts on cybersecurity, has similarly noted that “there was too much classified…Too much was kept secret.”[6]

Leave Trade Alone

The ambiguity on the security side actually clarifies the trade side. If the cyber threat is understood only tenuously, testing imported goods for cyber threats will be inadequate to identify compromised equipment. With ineffective testing, banning some importers would not be worthwhile. In a global economy, equipment will simply be re-routed. The U.S. does not have the resources necessary to track the true source of goods when dangerous items cannot be easily discovered—and discovery may even be impossible.

If the threat was well understood but national security argued against the disclosure of vital information, this at least suggests that the danger from trade is secondary to other dangers. America retains the option, of course, of simply restricting trade on national security grounds without disclosing its reasons. This would be unwise.

One drawback of restricting trade would be the costs incurred by the U.S. in terms of spending on import inspections and the loss of availability of certain goods. The defense community is often not well-positioned to anticipate the extent of these economic costs. People will not relinquish scarce resources voluntarily when the gains from doing so are not spelled out.

The second drawback is the reaction of American trade partners. American exports already suffer from undocumented national security justifications for protectionism. Were the U.S. to introduce a new set of potentially sweeping restrictions based on hidden national security requirements, the global trade environment would immediately and sharply deteriorate. Costs would be far higher than indicated by looking at American actions alone.

Balancing Economic and Security Responsibilities

Security. For policymakers and the public to properly comprehend the magnitude of the problem, the Department of Defense must be as transparent as possible. Some material will be classified. But the trade-off between security classification and the ability to promptly and adequately respond to a threat should be weighted more heavily to the transparency side than it is at present.

Trade. The Department of Commerce and United States Trade Representative should restrict trade only in accordance with what can be defended publicly and systematically. Introduction of ad hoc trade restrictions that claim a classified basis will harm the American economy.

For now, it is unreasonable to impose considerable economic costs for the sake of a serious but vaguely presented threat.

Dean Cheng is Research Fellow in Chinese Political and Security Affairs and Derek Scissors, Ph.D., is Research Fellow in Asia Economic Policy in the Asian Studies Center at The Heritage Foundation.

Increasingly, chains of evidence include software steps. It's not just the RIAA suing people -- and getting it wrong -- based on automatic systems to detect and identify file sharers. It's forensic programs used to collect and analyze data from computers and smart phones. It's audit logs saved and stored by ISPs and websites. It's location data from cell phones. It's e-mails and IMs and comments posted to social networking sites. It's tallies from digital voting machines. It's images and meta-data from surveillance cameras. The list goes on and on. We in the security field know the risks associated with trusting digital data, but this evidence is routinely assumed by courts to be accurate. Sergey Bratus is starting to look at this problem. His paper, written with Ashlyn Lembree and Anna Shubina, is "Software on the Witness Stand: What Should it Take for Us to Trust it?."

http://www.schneier.com/blog/archives/2011/04/software_as_evi.html

COMPARED with IBM, Microsoft is a mere stripling. Founded in 1975, it rose swiftly to dominate the world of personal computing with its Windows operating system and Office suite of word-processing and other productivity tools. But the company is now showing some worrying signs of middle-age fatigue. In particular, it is struggling to find a growth strategy that will enthuse disgruntled shareholders.

Grumbles are understandable. Since Steve Ballmer took over from Bill Gates as chief executive in 2000, Microsoft’s share price has languished and the company has lost its reputation as a tech trend-setter. It has been left behind in hot areas such as search and social networking by younger companies, some of which love to thumb their noses at their older rival. Eric Schmidt, the executive chairman of Google, recently proclaimed that leadership in the tech world had passed from Microsoft and others to a “Gang of Four” fast-growing, consumer-oriented businesses: Google, Apple, Amazon and Facebook.

Few would quibble with that. The question is: what, if anything, can Microsoft do to change it? In at least some respects, the company appears to be suffering from similar ailments to those that laid IBM low before Lou Gerstner was hired in 1993 to get it back on its feet. These include arrogance bred of dominance of a particular area—mainframe computers at IBM, personal computers at Microsoft—and internal fiefs that hamper swift change. For instance, the division that champions cloud computing must deal with one that is the cheerleader for Windows, which is likely to want computing to stay on desktops for as long as possible to maximise its own revenues.

As IBM’s experience shows, rejuvenation in the tech world is possible. And some observers see encouraging glimmers of progress at Microsoft. Sarah Rotman Epps of Forrester, a research firm, reckons that Windows 8, a forthcoming version of Microsoft’s operating system, could be a serious competitor to Google’s Android on tablet computers if the company can get it to market next year. Microsoft is also in far better shape financially than IBM was at its nadir, so it can afford to splash out on acquisitions such as its recent $8.5 billion purchase of Skype, an internet-phone and video-calling service.

That bet and an alliance with Nokia in mobile phones (putting the phone version of Windows into the big but troubled Finnish firm’s devices) show that Microsoft is trying to bulk up in promising areas. Yet sceptics worry that such initiatives are not the product of an overarching strategic vision, but are instead tactical moves designed to placate critics who fear Microsoft is drifting downwards. David Einhorn, a prominent hedge-fund manager whose fund holds shares in Microsoft, has publicly called for a change at the top of the firm, arguing that Mr Ballmer is “stuck in the past”. So far, the company’s board, chaired by Mr Gates, has backed its chief executive. But if IBM’s history is a guide, Microsoft may yet end up jettisoning its leader.

****

IBM's centenary

The test of time

Which of today’s technology giants might still be standing tall a century after their founding?

Jun 9th 2011 | from the print edition

IT IS not, by any means, the world’s oldest company. There are Japanese hotels dating back to the 8th century, German breweries that hail from the 11th and an Italian bank with roots in the 15th. What is unusual about IBM, which celebrates its 100th birthday next week, is that it has been so successful for so long in the fast-moving field of technology. How has it done it?

IBM’s secret is that it is built around an idea that transcends any particular product or technology. Its strategy is to package technology for use by businesses. At first this meant making punch-card tabulators, but IBM moved on to magnetic-tape systems, mainframes, PCs, and most recently services and consulting. Building a company around an idea, rather than a specific technology, makes it easier to adapt when industry “platform shifts” occur (see article).

True, IBM’s longevity is also due, in part, to dumb luck. It almost came unstuck early on because its bosses were hesitant to abandon punch cards. And it had a near-death experience in 1993 before Lou Gerstner realised that the best way to package technology for use by businesses was to focus on services. An elegant organising idea is no use if a company cannot come up with good products or services, or if it has clueless bosses. But on the basis of this simple formula—that a company should focus on an idea, rather than a technology—which of today’s young tech giants look best placed to live to 100?

The most obvious example is Apple (founded in 1976). Like IBM, it had a near-death experience in the 1990s, and it is dangerously dependent on its founder, Steve Jobs. But it has a powerful organising idea: take the latest technology, package it in a simple, elegant form and sell it at a premium price. Apple has done this with personal computers, music players, smartphones and tablet computers, and is now moving into cloud-based services (see article). Each time it has grabbed an existing technology and produced an easier-to-use and prettier version than anyone else. This approach can be applied to whatever technology is flavour of the month: Apple has already shifted from PCs to mobile devices.

The animating idea of Amazon (founded in 1994) is to make it easy for people to buy stuff. It began by doing this for books, but has since applied the same idea to other products: music, groceries, mobile apps, even computing power and storage, which it sells on tap. The Kindle may resemble an e-reader, but it is just as much a portable bookstore. As new things come along, Amazon will make it easy for you to buy them. Similarly, the aim of Facebook (2004) is to help people share stuff with friends easily. This idea can be extended to almost anything on almost any platform.

Consider, by contrast, three product-based firms. Dell (founded in 1984) made its name building PCs more efficiently than anyone else and selling them direct to consumers. That model does not neatly transfer to other products. Cisco Systems (also 1984) makes internet routers. It has diversified into other areas, such as videoconferencing, but chiefly because it thought this would increase demand for routers. Microsoft (1975) is hugely dependent on Windows, which is its answer to everything. But software for a PC may not be the best choice to run inside a phone or a car. All these firms are wedded to specific products, not deeper philosophies, and are having trouble navigating technological shifts.

Other giants are still struggling to move beyond their core technologies. Oracle (1977) was originally a database company, which peddled databases as the answer to all its clients’ problems. But in the past decade it has moved into other corporate software, and hardware too. Now it aims to provide entire computing systems. Google (1998) knows the importance of an idea. “Organising the world’s information and making it universally accessible” is its motto, and it is putting that into practice on mobile devices through its Android software, which is spreading fast. But Google is still heavily dependent on a single product—internet search and related advertising.

Good to be elegant, better to be old

The upshot: Apple, Amazon and Facebook look like good long-term bets. Dell, Cisco and Microsoft do not. The jury is out on Oracle and Google. See you in 2111—provided, that is, that The Economist (founded in 1843, with the idea of explaining the world to its readers) is still around too.

****

BALTIMORE — The commander of the U.S. Cyber Command said Thursday that he does not favor giving the United Nations the power to regulate the Internet.

Some regulations are needed to protect critical networks that control electrical power, banking, transportation and other key elements of society, Army Gen. Keith Alexander, who is also director of the National Security Agency, said after a speech to a security conference.

But asked whether the U.N. should have a regulation role, Gen. Alexander said: “No. I’m not for regulating, per se. I’m concerned about it, and this is a tough question. I would say, generally speaking, I’m not into that portion of regulating as you would espouse.”

Last month, Russia, China, Uzbekistan and Tajikistan submitted a resolution to the U.N. General Assembly calling for giving individual states the right to control the Internet. The resolution, submitted Sept. 14, calls for “an international code of conduct for information security.”

It requests “international deliberations within the United Nations framework on such an international code, with the aim of achieving the earliest possible consensus on international norms and rules guiding the behavior of states in the information space.”

China tightly controls the Internet through a cybersecurity police force estimated to be more than 10,000 people who monitor Internet users and websites.

Russia’s authoritarian government has taken steps in recent years to curb Internet freedoms. Uzbekistan and Tajikistan also are authoritarian regimes that seek to control Internet use.

Gen. Alexander said that, rather than seeking U.N. regulation, individual countries “first need to step up and say, ‘Look, how do we do this without regulating it?’”

The four-star general suggested bolstering Internet security by using “cloud” technology, which uses remote computer servers for applications and data storage. Other new technologies that permit greater visibility of cyberthreats on networks also can be used to improve security, he said.

“I do think that there may be some things for critical infrastructure and government networks that we’re going to have to direct out to the government,” Gen. Alexander said. “These are things that you must do to secure your networks for government survivability.”

Additionally, security cooperation between nations can be improved, he said.

“But for my grandchildren and my daughters out there, they have a great time on the network,” he said. “I would not want somebody to say you cannot let your 2-year-old grab the iPad and launch [an application].”

As for future considerations, Gen. Alexander said U.S. policymakers are discussing whether U.S. firms should be required to divulge information about cyber-attacks.

Additionally, he said: “I think down the road we have to figure out how do we ensure that your platforms do not create a public hazard, but I’m not sure I would put that in regulation.”

In a speech to the Information Systems Security Association conference, Gen. Alexander said U.S. development of the Internet brought tremendous benefits and “tremendous vulnerabilities” that can be exploited by hackers, criminals and nation states.

U.S. corporations were victims of cyber-attacks, including Google, Lockheed Martin and Booz Allen Hamilton, and some have lost valuable intellectual property through cybertheft and espionage.

The threat is increasing as the use of mobile devices such as smartphones and tablet computers increases.

“Here’s what concerns me: What we’re seeing is destructive [digital] payloads coming out, payloads that can make a blue screen of death, that can stop your operating system, your router or peripheral devices,” Gen. Alexander said.

Mobile devices increase the problem by “orders of magnitude” because of the lack of security built up over the past decade for desktop devices, he said.

Both are connected to networks, “and the issues we are going to see are huge,” Gen. Alexander said.

Shawn Henry, FBI executive assistant director for cyber-issues and a conference speaker, said a better network architecture is needed to identify cybercriminals who can operate anonymously.

Mr. Henry also called for better “assurance” for Internet communications to prevent someone from breaking into links that control key infrastructure. For example, computer communications between a technician remotely directing an electrical facility need better security, he said.

“The Internet was developed with protocols allowing for anonymity and there are legitimate reasons for wanting it that way,” Mr. Henry said. “But for those critical uses of the Internet where intrusion is entirely unacceptable and we must be able to identify the users, market-driven factors may prompt the private sector to explore solutions and alternate architectures to meet those needs.”

“We need a more secure architecture that allows for absolute attribution,” he said. “Threats are continuing to increase and we cannot constantly play defense.”

« Last Edit: October 21, 2011, 04:41:09 PM by Crafty_Dog »


"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

Recently I decided to make a couple of moves to test the integrity of the LinkedIn system vis-a-vis Internet scammers.

This morning I received a LinkedIn invitation from an associate, asking me to join his network. The appearance of the e-mail is exactly what one would expect a LinkedIn communication to look like. However, the red flags of oddness immediately cropped up:

1. I am already, and have been for five months, connected to this associate on LinkedIn.

2. The request came in to an e-mail address that is NOT the one I currently use for LinkedIn purposes. I deliberately changed the LinkedIn account e-mail address late last week as part of an integrity test (due to my suspicions that LinkedIn was connected to another ongoing e-mail scam effort). If this associate (even if it were a legitimate invitation for the very first time) had used the LinkedIn system to send me an invitation, it would not have come in to the e-mail account that it did. It would have come in to the account I switched over to late last week. As did a legitimate invitation earlier this morning.

3. When I access my LinkedIn account, and this is, perhaps, the most significant red flag, there is no invitation activity from this individual this morning. The only LinkedIn activity from him was the July 2011 invitation request, and several other messages during the past five months.

4. This invitation from this morning came in addressed to my first initial. My first initial is what would appear on the e-mail account that the invitation came in on. The requesting associate has never, and would never, address me just by my first initial. All his comms to me have been by my first name. The reason this “invitation” came in to my first initial was because the sender does not know my full first name because neither the e-mail address nor the name on the e-mail account provides that information.

There is no doubt in my mind that this is a well developed scam, the goal of which is to get me to click on the link provided in the body of the e-mail.

I am particularly attuned to the possibility of LinkedIn e-mail scams because several weeks ago I received an official looking “LinkedIn” invitation request from somebody I have never heard of, and it came into an e-mail account and name which there is not even an existing LinkedIn account for anybody to send an invitation to.

The moral of this saga is to be wary of the e-mails you receive. No matter how “official” they may look, think a moment before automatically clicking any links inside such an e-mail.

by Ben Gross

http://bengross.com/your-new-years-resolution-pick-better-passwords/

As we near the end of 2011, I can’t help but think this is the year I had the most trouble telling the difference between actual news stories and pieces from “America’s Finest News Source”, The Onion. As I write this article, details are still unfolding from the data breach at the well-known private intelligence firm Stratfor.

According to reports, hackers found a weakly protected database of usernames and passwords and an unencrypted database of credit card information. The hackers proceeded to use credit cards in the database to make donations to charitable organizations. Just because any story can use a bit more absurdity, there were claims and counter claims of whether or not the attack was associated with Anonymous, the discerning hacker’s first choice of affiliation.

According to Identity Finder, the Stratfor database contained approximately 44,000 hashed passwords in the database, roughly half of which have already been exposed. Unfortunately, another 20,000 or so passwords on pastebin would not even be newsworthy, if it were not for the notoriety of Stratfor. Note: if you think you might have been on the list of compromised accounts in the Stratfor database, you can check at Dazzlepod.

There is plenty of blame to go around. First, Stratfor stored user passwords as basic unsalted MD5 hashes, which is simply irresponsible. There are widely available and generally well-regarded solutions for storing passwords such as bcrypt, which is nicely summarized in Coda Hale’s How To Safely Store A Password. Secondly, and more importantly, storing customers’ credit cards in clear text is unconscionable. Never mind the question about why on earth they were storing CCVs in their database, which is never OK.

Given the recent attacks against Sony, Gawker, HBGary Federal, and Infragard Atlanta, one could reasonably expect that Stratfor would pay more attention to the operational security side given their business.

To put the Stratfor hack in a more global context, the 2011 Verizon Data Breach Investigations Report aggregates data from Verizon RISK, the U.S. Secret Service and the Dutch High Tech Crime Unit. DataLossDB Statistics collected data from open sources including news reports, Freedom of Information Act (FOIA) requests, and public records. These reports give a more nuanced breakdown of the types of breaches and data exposed across many industries.

As much as it pains me to blame the victim, a great many of the subscribers to Stratfor’s service clearly could and should have picked better passwords. According to Stratfor Confidential Customer’s passwords analysis, we could start with the 418 users who picked “stratfor” as their password or even the 71 users who picked “123456.” The database was full of weak passwords, which was why the clear text of nearly half the passwords followed in a post shortly after the original password hashes appeared online.

In Data Evaporation and the Security of Recycled Accounts, I described how passwords for email accounts are frequently the weak link in the security chain. It is common for sites to allow users to reset their passwords to the email address listed on the account. This means that a compromised email account may be the only method an attacker needs to gain access to other accounts.

In my dissertation interviews, I talked with people about how they managed their accounts and passwords. Many of my interviewees told me they effectively had 2–3 passwords they used for most accounts with some minor variations due to password complexity rules. The interviewees frequently reported using a set of low, medium, and high security passwords. Unfortunately, the email accounts were often given the low security passwords.

It pains me to think how many of the customers in Stratfor’s database likely reuse the same password on multiple sites. In Measuring password re-use empirically, Joseph Bonneau analyzed the overlap between rootkit.com and gawker.com passwords in addition to other studies and found a wide spread, ranging from 10% to 50% overlap. Even with 10% overlap, there are significant benefits from leveraging one exploited password database to compromise another. As always, XKCD keeps track of the pulse of the internet and has informative comics for both Password Reuse and Password Strength.

Realistically, it’s getting to the point where unless you have a pretty fantastic password, if your password is in a database of poorly hashed passwords then someone with a bit of time can discover it. Why is that, you might ask? Whitepixel, the purveyors of fine open source GPU accelerated password hashing software, report that it currently achieves 33.1 billion password/sec on 4 x AMD Radeon HD 5970 for MD5 hashes. This is fast enough to make rainbow tables (pre-computed hashes for a dictionary attack) much less compelling. If the attacker has any additional personal information this significantly increases the chance of a successful attack since so many people use bits of personal information in their passwords. Bruce Schneier describes commercial software that exploits personal information when attempting to compromise password hashes in Secure Passwords Keep You Safer.

In general, unless your password or pass phrase is quite long you are far better off with a long randomly generated string that you manage with a password manager. There are many good options including my personal favorite 1Password, LastPass, RoboForm, or the open source projects PwdHash or Password Safe. PasswordCard is a nice alternative if you would prefer a solution you can always carry with you that does not require any dependencies besides what you can carry in your wallet.

Unfortunately, none of the password managers are magic. You will still have to deal with a depressingly large number of services that force you to choose poor passwords with arbitrary restrictions. Troy Hunt names some offenders in the Who’s who of bad password practices – banks, airlines and more. Still, if you simply use a password manager and different password with each service, you will dramatically limit any potential damage, as an attacker cannot reuse your password on another service.
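The storage weakness described in the article above, shown as an added example that is not part of Ben Gross's article or of any Stratfor code: unsalted MD5 gives every user of the same password the same stored value, while a salted, deliberately slow hash does not. The account names and passwords are constructed sample data, and `hashlib.scrypt` from the Python standard library (with parameters chosen here as an assumption) stands in for the bcrypt the article recommends.

```python
"""Unsalted MD5 versus a salted, deliberately slow password hash."""
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not real data). Two users share one password,
# as hundreds of subscribers did according to the article.
SAMPLE_USERS = {
    "alice": "stratfor",
    "bob": "123456",
    "carol": "stratfor",
    "dave": "correct horse battery staple",
}

# MD5 guessing rate the article quotes for Whitepixel on 4 x Radeon HD 5970.
MD5_GUESSES_PER_SEC = 33.1e9

# scrypt cost parameters: an assumption for this example, tune for your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def md5_unsalted(password):
    """The weak scheme the article describes: bare MD5, no salt."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password):
    """Salted, slow hash. The record stores the parameters and salt with the key."""
    salt = os.urandom(16)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return "$".join(["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
                     salt.hex(), key.hex()])


def verify_password(password, stored):
    """Recompute with the stored salt and parameters; compare in constant time."""
    try:
        scheme, n, r, p, salt_hex, key_hex = stored.split("$")
        if scheme != "scrypt":
            return False
        expected = bytes.fromhex(key_hex)
        key = hashlib.scrypt(password.encode("utf-8"),
                             salt=bytes.fromhex(salt_hex),
                             n=int(n), r=int(r), p=int(p), dklen=len(expected))
    except ValueError:  # malformed record or invalid parameters
        return False
    return hmac.compare_digest(key, expected)


def shared_hash_groups(table):
    """Groups of usernames whose stored values are byte-for-byte identical."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def accounts_exposed_by_wordlist(md5_table, wordlist):
    """Audit view of an unsalted table: each candidate word is hashed once and
    matched against every account, so the work does not grow per user."""
    candidates = {md5_unsalted(word) for word in wordlist}
    return sorted(user for user, h in md5_table.items() if h in candidates)


def exhaustive_search_seconds(alphabet_size, length,
                              guesses_per_sec=MD5_GUESSES_PER_SEC):
    """Worst-case time to try every password of exactly this length."""
    return alphabet_size ** length / guesses_per_sec


if __name__ == "__main__":
    md5_table = {u: md5_unsalted(p) for u, p in SAMPLE_USERS.items()}
    salted_table = {u: hash_password(p) for u, p in SAMPLE_USERS.items()}
    print("identical MD5 values:", shared_hash_groups(md5_table))
    print("identical salted values:", shared_hash_groups(salted_table))
    print("exposed by a 3-word list:",
          accounts_exposed_by_wordlist(md5_table,
                                       ["password", "123456", "stratfor"]))
    days = exhaustive_search_seconds(95, 8) / 86400
    print("all 8-char printable-ASCII passwords, MD5: %.1f days" % days)
```

At the quoted MD5 rate the full eight-character printable-ASCII space takes a little over two days, which is why the choice of hash function matters more than modest complexity rules.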

Bringing the conversation over to here from Homeland Security and American Freedom:

I note that my man Glenn Beck opposes the current bills and here's this email which I received today:

=====================

By now, you are no doubt aware that several websites have either gone totally or partially "dark" today in protest of the pernicious internet legislation that will be coming to a vote next week. Wikipedia and Google are just two of the websites which are protesting in this manner.

And while you may have not paid much attention to this story, you need to know that the "muzzle the web" legislation these sites are protesting could also affect your ability to get gun-related information on websites like GOA's.

The reason is that S. 968 could, in its final form, allow the Brady Campaign to partially shut down our GOA website and our organization (plus many other pro-gun websites) with a series of factually accurate, but legally frivolous complaints.

The Senate bill and its House counterpart have accurately been called "a direct attack on the underpinnings of the web."

True, many of the most serious "gun problems" are in the House counterpart. But the reality is this: We are within a few votes of killing the whole concept next week in the Senate with only 41 Senate votes.

But if we allow the so-called "anti-piracy" bill to go forward on the HOPE that the worst provisions will not make it into the final version --- and we fail to eliminate them --- the bill may be unstoppable.

Here are the "gun problems," as we see them:

Section 103(b)(1) of H.R. 3261 allows any "holder of an intellectual property right" to demand that PayPal and other payment and advertising services stop providing services to organizations like ours, thereby shutting off our income.

How would they do this? Perhaps by arguing that we were stealing their intellectual property by quoting their lying misrepresentations in our alerts.

Is this legally frivolous? Sure it is. But the Brady Campaign is the King of Frivolous Complaints:

* Remember when the Brady Campaign asked the Federal Election Commission in 2007 to shut down GOA's ability to post its candidate ratings on the Internet? They claimed that we were in violation of the McCain-Feingold Campaign Finance Reform Act. Thankfully, the FEC ruled in GOA's favor, thus enabling us to continue posting candidate ratings without restraint.

* Remember when the Brady Campaign got 36 state and local jurisdictions to bring frivolous lawsuits against gun manufacturers --- not in the expectation of winning, but to drain the resources of the manufacturers in order to halt the manufacture of guns in America?

This "muzzle the web" legislation will throw the doors open to even more frivolous complaints. Could we defend ourselves? Yes, we could. We could file a counter notification under section 103(b)(5) and spend years defending ourselves. But the one thing we did learn during the 36 frivolous lawsuits is that the anti-gun forces in America have very deep pockets.

And the other problem is that, under section 104, our Internet providers would be insulated from liability for shutting us down. But they would receive no comparable insulation from legal liability if they refused to cut us off.

The Senate version, S. 968, has been amended, at the behest of Iowa Senator Chuck Grassley and others, to provide many protections which were not in its initial form.

Under section 3, the Attorney General would go to court and would have to claim that, because of a hyperlink to an offending site, we were "primarily" engaged in the theft of intellectual property.

We would feel a lot better about these protections if the Attorney General were not Eric Holder, a ruthless ideologue who has demonstrated that he will go to any lengths to destroy the Second Amendment.

So the bottom line is this: H.R. 3261 and S. 968 would potentially empower the Brady Campaign and Eric Holder to go after our Internet site. To do so, they would have to make the same frivolous arguments and engage in the same lawless activity that they have done so often in the past.

But --- given that we're within a few votes of snuffing out that risk by killing the bill in the Senate --- we believe it's the better course of action to do so.

ACTION: Contact your Senators. Ask them to vote against S. 968, every chance they get.

A serious question, Guro: Is there a chance that if SOPA were passed, could www.dogbrothers.com be blacked given the number of links and quotes, etc. posted on the forum from other web sites? Based on my understanding of the law, the critics (at least) seem to think this type of issue is a possibility.

I would submit that this forum comes nowhere close to meeting the criterion of being "dedicated to piracy", contrast various sites I have seen dedicated to theft. That said, the GOA piece on what the Brady folks have tried to get away with gives pause, and Glenn Beck certainly has credibility with me as well.

This is not to say that much/most of the opposition comes from folks who simply wish to keep stealing and that piracy is not a real problem.

I have no problem acknowledging that considerable drafting issues remain for this legislation to become worthy of passage.

Thank you for a thoughtful reply. And, while I am opposed to SOPA, I do agree with this: "much/most of the opposition comes from folks who simply wish to keep stealing and that piracy is not a real problem."

Kodak declared bankruptcy this week. Legislation to ban digital cameras could have saved this company, a “jobs creator,” pillar of the community and long-time wonderful brand. One wonders why they didn’t make the effort? Would you have lobbied for that bill?

A friend tells a story about Kodak. Apparently, they had 59 buildings on the site that made film. As the film business started to shrink, the obvious thing for Kodak to do was to shrink as well, to reduce overhead, to become more nimble. The CEO said, “look out at those buildings and answer this question for me: How many steps are involved in making film?”

The answer, of course, was 59. Slowly shrinking wasn’t an option. The overhang was too large, it was going to take a leap, not a gradual series of steps. And that’s why the future is uncomfortable for most successful industrialists, including those in the media business.

It’s interesting to note that the only people who are in favor of SOPA and PIPA are people who are paid to be in favor of it. And creators (authors like me and Clay Shirky and Scott Adams) aren’t. While the folks at the “Copyright Alliance” pretend to be looking out for the interests of independent filmmakers and authors, the fact is that the only paying members of their lobbying group seem to be big corporations, corporations that aren’t worried about creators, they’re worried about profits. Given a choice between a great film and a profitable one, they’d pick the profitable one every time. Given the choice between paying net profits to creators and adjusting the accounting…

Anyway, back to the future:

The leap to a new structure is painful for successful industries precisely because they’re successful. In book publishing, the carefully constructed system of agents, advances, copyeditors, printers, scarcity, distributors, sales calls, bestseller lists, returns and lunches is threatened by the new regime of the long tail, zero marginal cost and ebook readers with a central choke point. The problem with getting from one place to another is that you need to shut down building 59, and it’s hard to do that while the old model is still working, at least a little bit.

Just about all the people who lost their jobs in Rochester meant well and worked hard and did their jobs well. They need to blame the senior management of Kodak, the ones who were afraid of the future and hoped it would go away. There are more pictures being taken more often by more people than ever before–Kodak leadership couldn’t deal with their overhang and was so in love with their success that they insisted the world change in their favor, as opposed to embracing the future that was sure to arrive.

Please understand that the destruction of the music business had no impact at all on the amount of music available, and little that I can see on the quality of that music either. Musicians just want to make music, thanks very much, and they’ll find a way to make a living gigging in order to do so. The destruction of the film business in Rochester is going to have very little impact on people’s ability to take photos. The destruction of the New York publishing establishment will make me sad, and they/we should hustle, but it’s not going to have much impact on the number of books that are written.

Before we rush to the most draconian solution we can think of to save the status quo, I think it’s worth considering what the function of the threatened industry is, and whether we can achieve that function more directly now that the future is arriving.

Check out this short TED video from Clay Shirky. Especially the first minute, the middle 90 seconds and the last one as well.

"While the folks at the “Copyright Alliance” pretend to be looking out for the interests of independent filmmakers and authors, the fact is that the only paying members of their lobbying group seem to be big corporations, corporations that aren’t worried about creators, they’re worried about profits. Given a choice between a great film and a profitable one, they’d pick the profitable one every time. Given the choice between paying net profits to creators and adjusting the accounting…"

I disagree with this. It profoundly misses the fact that property rights and profit are good.

I'm willing to entertain the notion that there may be serious unintended side effects and it remains to be seen whether the drafting of the legislation can address these concerns or not, but I am not willing to agree to the additional assertion that people SHOULD be able to steal my work.

Like our Constitution, I believe in copyright.

Do you?

Why or why not?

The simple fact is that there are sites dedicated to making people's work e.g. martial arts instructional DVDs, downloadable for free. Your TED guy talks about reversing the presumption of innocent until proven guilty, but in the real world what is someone to do when the site is completely anonymous and located both nowhere and everywhere? As a matter of legislative drafting I'd have no problem with having two different courses of legal remedy. For a site that is run by identifiable persons (legal or corporate) then the usual legal framework remains. For those which seek to anonymously steal, well then the legal route of what is effectively a TRO (temporary restraining order) seems rather reasonable to me.

Sitting in his Los Angeles home, Kuwaiti billionaire Bassam Alghanim received an alarming call from a business associate: Hundreds of his personal emails were posted online for anyone to see.

Mr. Alghanim checked and found it to be true, according to a person familiar with the matter. The emails included information on his personal finances, legal affairs, even his pharmacy bills, this person said.

That led to another surprise. Mr. Alghanim discovered the person who had allegedly commissioned the hackers was his own brother, with whom he is fighting over how to divide up billions of dollars of joint assets. Mr. Alghanim's lawyers allege in court filings that the brother hired investigators to illegally access his email with the help of Chinese hackers. Cost to hire the hackers: about $400.

One such site, hiretohack.net, advertises online services including being able to "crack" passwords for major email services in less than 48 hours. It says it charges a minimum of $150, depending on the email provider, the password's complexity and the urgency of the job. The site describes itself as a group of technology students based in Europe, U.S. and Asia.

Hiretohack.net's claims couldn't immediately be verified, and the group didn't respond to a request for comment.

Mischel Kwon, who runs a security-consulting firm and is the former director of the U.S. Computer Emergency Readiness Team, a government organization known as US-CERT, says the hacker-for-hire industry is well established. Some are one- or two-person outfits, but there are also larger "organized crime" groups, she said. She and other specialists note that it is also easy to find tools online that assist in hacking into someone's email.

The issue of hacking and online espionage has gained prominence recently. In December, The Wall Street Journal reported that hackers in China breached the computer defenses of the U.S. Chamber of Commerce. A month earlier, a Paris court fined French energy giant Électricité de France SA €1.5 million, or about $1.9 million, for directing an investigator to hack into the computers of environmental group Greenpeace in 2006. In the U.K., authorities are investigating allegations of hacking by News Corp.'s recently closed tabloid, News of the World. News Corp., which has said it is cooperating with police, also owns The Wall Street Journal.

China appears to be a source of a significant proportion of attacks. In an October 2011 report to Congress, the U.S. Office of the National Counterintelligence Executive said that U.S. economic information and technology are targeted by industry and government from dozens of countries but that attackers based in China "are the world's most active and persistent perpetrators of economic espionage."

A U.K. government report took a shot at putting numbers to the problem last year: It estimated that computer-related industrial espionage cost U.K. businesses about £7.6 billion, or about $11.8 billion, annually in loss of information that could hurt a company's chances of winning open tenders, and loss of merger-related information. Cyber intellectual-property theft cost business an additional £9.2 billion annually, it estimated.

The problem is under-measured because many victims are reluctant to report attacks to protect their reputation. The Alghanims' dispute, however, provides a rare look at detailed hacking allegations.

The spat between the two brothers involves the divvying up of a sprawling business empire originally founded by their father. The brothers, Kutayba and Bassam, 66 years old and 60, respectively, are both U.S.-educated Kuwaiti citizens.

The allegations of email hacking are detailed in litigation filed by Bassam in the U.K. and the U.S. According to his court filings, his older brother, Kutayba Alghanim, along with the brother's son and the company's chief legal officer, allegedly stole thousands of pages of emails over more than a year.

Bassam's lawyer said his client "was horrified to discover the privacy of his email accounts had been compromised."

A lawyer representing Kutayba and his son declined to comment on the hacking allegations or make the men available for comment. A lawyer representing the son's chief legal officer declined to comment. In the U.S. lawsuit—the one in which the three men are named as defendants—none has addressed the hacking allegations. The three men aren't named as defendants in the U.K. action.

Bassam is based in Los Angeles, while Kutayba and his son primarily live in Kuwait but maintain residences in the U.S., including a 16,000-square-foot Manhattan mansion and a 48-acre Long Island estate, according to Bassam's legal filings. Their fight has included a U.K. High Court civil case and a separate civil case in U.S. Federal Court in New York.

In the U.K., a judge recently concluded that the two defendants in that case, both British investigators, arranged the hacking. In that October decision, Justice Peter Smith also said the evidence showed that the hacking was carried out at the direction of Kutayba, his son and the chief legal officer, although they weren't defendants in that case.

"It is clear, on the evidence I have," that the trio orchestrated the computer hacking, Mr. Smith said in his ruling.

In the U.S. civil case, Kutayba, his son and the legal officer are named as defendants. Documents filed in federal court in New York allege the three directed the hacking and violated federal and state laws including computer misuse.

One of the two private investigators admitted to the U.K. court that he had hacked Bassam's email and said he did it at the orders of the second investigator. After the first investigator began cooperating with Bassam's lawyers, the legal action against him was stayed. The second investigator denied hacking; the judge found him in breach of civil laws on privacy and confidence.

Kutayba's legal filings argue that his brother is trying to avoid earlier agreements requiring their asset-split dispute to be handled by a Kuwaiti arbitrator. "Bassam has done everything in his power to avoid his obligations, including his obligation to arbitrate," Kutayba said in U.S. court filings.

In November in New York, the judge stayed the U.S. case pending a ruling by a Kuwait arbitrator on the dispute.

The two brothers were once close—they used to share homes in New York, Los Angeles and Kuwait, according to a person familiar with the matter. But they fell out a few years ago, according to Bassam's U.S. filings. One source of tension was an effort by Kutayba to promote his eldest son, Omar Alghanim, as heir to the family business, a person familiar with the matter said. Omar is a former Morgan Stanley analyst and founding shareholder of New York merger firm Perella Weinberg Partners LP.

Omar currently is chief executive of the family company, Alghanim Industries, a conglomerate that distributes electronics, among other things. The company's chief legal officer is Waleed Moubarak, the man who is alleged, along with Kutayba and his son, to have commissioned the hacking. Mr. Moubarak didn't respond to a request for comment.

Unable to reconcile, the brothers decided to divide their jointly held assets. Included is Alghanim Industries and other businesses; a stake in Kuwait's Gulf Bank; residential properties in New York, London, Los Angeles, Kuwait and elsewhere; a $450 million portfolio; and $100 million in art, according to Bassam's U.S. and U.K. court filings.

The two continued to feud even after signing a March 2008 memorandum of understanding, according to U.S. court filings by both. That memorandum, included in Kutayba's filings, describes a 60:40 ownership split between Kutayba and Bassam, respectively, of their Kuwait-based assets and an even split of overseas assets.

As the dispute escalated, Kutayba and his associates turned to Steven McIntyre, a private investigator near London, according to documents filed in the U.K. court by Bassam and Mr. McIntyre. Mr. McIntyre, in turn, enlisted the help of Timothy Zimmer, a forensic investigator and then-colleague, and in mid-2008 asked him to gain access to Bassam's two personal email accounts, according to a witness statement by Mr. Zimmer in U.K. court.

In his witness statement, Mr. Zimmer said he contacted an organization called Invisible Hacking Group, which he had previously used for security-testing of web-based email accounts.

Little is known about IHG. Mr. Zimmer, in his witness statement, said IHG instructed him to send payment to Chengdu, a city in China. The legal filings don't indicate how Mr. Zimmer and IHG first came in contact.

Today, IHG doesn't appear to have an online presence, although there are a few message-board posts from 2004 under that name offering computer-monitoring services for a few hundred dollars a month. "Do you want to know what your business competitors are doing online everyday?" the message reads. An email sent to an address in the message bounced back.

According to Mr. Zimmer's statement, the IHG service worked like this: It requested the target person's email address, the names of friends or colleagues, and examples of topics that interest them. The hackers would then send an email to the target that sounded as if it came from an acquaintance, but which actually installed malicious software on the target's computer. The software would let the hackers capture the target's email password.

Mr. Zimmer forwarded Bassam's email addresses to IHG, according to his witness statement. IHG then sent him the passwords to Bassam's email accounts, for which he paid £256 (about $400) to the China address, he said.

Using the passwords, Mr. Zimmer printed Bassam's emails—filling eight ring binders—and gave them to Mr. McIntyre, according to Mr. Zimmer's statement. Mr. McIntyre initially personally delivered them to Omar, Kutayba's son, first on his yacht moored at the Italian island of Capri and then, via a colleague, on his yacht in Sardinia, according to Bassam's U.K. and U.S. filings.

To make the process of obtaining the emails more efficient, the investigators set up a password-protected website, jackshome.info, to which they uploaded copies of the emails, Bassam's U.K. and U.S. court filings allege.

Bassam alleges that his brother and his associates accessed thousands of pages of emails, according to the U.K. and U.S. court filings. The private investigators received more than $200,000 for their alleged hacking services over 13 months, according to Bassam's U.S. filings.

The operation was tripped up in August 2009 when one of Bassam's advisers found some of the emails online, according to U.K. filings. Because of a glitch, documents uploaded to the password-protected website were actually accessible via Google search, the filings said.

In September 2009, Mr. Zimmer and Mr. McIntyre's colleague flew to New York to explain what went wrong to Omar and Mr. Moubarak, Mr. Zimmer said in his witness statement. The men gathered in a suite at the luxury Carlyle Hotel. Omar, who "was getting very worked up," according to Mr. Zimmer's statement, said in the meeting that not only did he want to get back into Bassam's email accounts but he also wanted access to the email of another family member close to Bassam.

In his U.K. witness statement, Mr. Zimmer admitted he hacked Bassam's emails and said Mr. McIntyre instructed him to do so.

Mr. McIntyre disputed the hacking allegations in a letter to the court, but said he couldn't afford to attend court. According to the October judgment, Mr. McIntyre said he was "too ill and too distressed, too oppressed" to attend. The judge hasn't yet ruled on whether Mr. McIntyre will have to pay damages.

We welcomed the collapse this month of two flawed bills to prevent online piracy, bills that could have stifled speech and undermined Internet safety. But piracy by Web sites in countries like Russia and China, which offer high-quality bootleg copies of movies and music, is a real problem for the nation’s creative industries. And there is legislation that could curb the operation of rogue Web sites without threatening legitimate expression.

The Online Protection and Enforcement of Digital Trade (OPEN) Act, sponsored by Senator Ron Wyden and Representative Darrell Issa, offers a straightforward and transparent approach to the problem. Content owners could ask the International Trade Commission to investigate whether a foreign Web site was dedicated to piracy. The Web site would be able to rebut the claim. If the commission ruled for the copyright holder, it could direct payment firms like Visa and PayPal and advertising networks like Google’s to stop doing business with the Web site.

The bill addresses concerns of copyright holders that the process would be too slow to match the pirates’ speed. It would allow them to request temporary restraining orders when there is urgency to, say, stop a Russian Web site from illegally streaming the Super Bowl. That Web site would still have a chance to respond, but it would have to move more quickly to make its case.

The OPEN Act also avoids some of the pitfalls of the previous bills. The legislation backed by movie studios and record labels would have penalized Web sites accused of the vague crimes of enabling or assisting piracy. OPEN would penalize only Web sites dedicated “willfully and primarily” to the infringement of copyrights or trademarks, a well-established standard used in the Digital Millennium Copyright Act to prevent domestic piracy.

OPEN would not give copyright holders the authority to direct payment processors and ad networks to stop doing business with a given Web site: that would have opened a door for abuse. And the Justice Department would not be able to “disappear” rogue Web sites by tinkering with their addresses — a provision too much like hacking, which worried safety experts.

By giving the International Trade Commission sole authority to determine infringement, OPEN would also prevent copyright holders from shopping around for sympathetic courts, making the process more consistent and less likely to spark trade conflicts and retaliatory moves.

The new bill may not be perfect; some Web sites that aid or abet pirates may avoid punishment. But it gives copyright holders powerful new tools to protect themselves. And it goes a long way toward addressing the concerns of Internet companies, protecting legitimate expression on the Web from overzealous content owners. The two sides need to move beyond their resentments and push for its passage.

THE digital tsunami that swept over the Capitol last month, forcing Congress to set aside legislation to combat the online piracy of American music, movies, books and other creative works, raised questions about how the democratic process functions in the digital age.

Policy makers had recognized a constitutional (and economic) imperative to protect American property from theft, to shield consumers from counterfeit products and fraud, and to combat foreign criminals who exploit technology to steal American ingenuity and jobs. They knew that music sales in the United States are less than half of what they were in 1999, when the file-sharing site Napster emerged, and that direct employment in the industry had fallen by more than half since then, to less than 10,000. They studied the problem in all its dimensions, through multiple hearings.

While no legislation is perfect, the Protect Intellectual Property Act (or PIPA) was carefully devised, with nearly unanimous bipartisan support in the Senate, and its House counterpart, the Stop Online Piracy Act (or SOPA), was based on existing statutes and Supreme Court precedents. But at the 11th hour, a flood of e-mails and phone calls to Congress stopped the legislation in its tracks. Was this the result of democracy, or demagoguery?

Misinformation may be a dirty trick, but it works. Consider, for example, the claim that SOPA and PIPA were “censorship,” a loaded and inflammatory term designed to evoke images of crackdowns on pro-democracy Web sites by China or Iran. Since when is it censorship to shut down an operation that an American court, upon a thorough review of evidence, has determined to be illegal? When the police close down a store fencing stolen goods, it isn’t censorship, but when those stolen goods are fenced online, it is? Wikipedia, Google and others manufactured controversy by unfairly equating SOPA with censorship. They also argued misleadingly that the bills would have required Web sites to “monitor” what their users upload, conveniently ignoring provisions like the “No Duty to Monitor” section.

The hyperbolic mistruths, presented on the home pages of some of the world’s most popular Web sites, amounted to an abuse of trust and a misuse of power. When Wikipedia and Google purport to be neutral sources of information, but then exploit their stature to present information that is not only not neutral but affirmatively incomplete and misleading, they are duping their users into accepting as truth what are merely self-serving political declarations.

As it happens, the television networks that actively supported SOPA and PIPA didn’t take advantage of their broadcast credibility to press their case. That’s partly because “old media” draws a line between “news” and “editorial.” Apparently, Wikipedia and Google don’t recognize the ethical boundary between the neutral reporting of information and the presentation of editorial opinion as fact.

The violation of neutrality is a patent hypocrisy: these companies have long argued that Internet service providers (telecommunications and cable companies) had to be regulated under the doctrine of “net neutrality” because of their power as owners of the Internet pipes. But what the Google and Wikipedia blackout showed is that it’s the platforms that exercise the real power. Get enough of them to espouse Silicon Valley’s perspective, and tens of millions of Americans will get a one-sided view of whatever the issue may be, drowning out the other side.

The conventional wisdom is that the defeat of these bills shows the power of the digital commons. Sure, anybody could click on a link or tweet in outrage — but how many knew what they were supporting or opposing? Would they have cast their clicks if they knew they were supporting foreign criminals selling counterfeit pharmaceuticals to Americans? Was it SOPA they were opposed to, or censorship?

No doubt, some genuinely wanted to protect Americans against theft but were sincerely concerned about how the language in the bill might be interpreted. But others may simply believe that online music, books and movies should be free. And how many of those e-mails were from the same people who attacked the Web sites of the Department of Justice, the Motion Picture Association of America, my organization and others as retribution for the seizure of Megaupload, an international digital piracy operation? Indeed, it’s hackers like the group Anonymous that engage in real censorship when they stifle the speech of those with whom they disagree.

Perhaps this is naïve, but I’d like to believe that the companies that opposed SOPA and PIPA will now feel some responsibility to help come up with constructive alternatives. Virtually every opponent acknowledged that the problem of counterfeiting and piracy is real and damaging. It is no longer acceptable just to say no. The diversionary bill that they drafted, the OPEN Act, would do little to stop the illegal behavior and would not establish a workable framework, standards or remedies.

It has become clear that, at this point, neither SOPA, PIPA nor OPEN is a viable answer. We need to take a step back to seek fresh ideas and new approaches. The “Copyright Alert” program, a voluntary effort by the entertainment industries and leading Internet service providers to notify users whose accounts are being used for wrongful downloading over peer-to-peer networks, shows that respectful fact-based conversations can lead to progress.

We all share the goal of a safe and legal Internet. We need reason, not rhetoric, in discussing how to achieve it.

Cary H. Sherman is chief executive of the Recording Industry Association of America, which represents music labels.

FBI could take down Internet for millions on March 8

By Andrew Couts | Digital Trends – 12 hrs ago

The Federal Bureau of Investigation may soon be forced to shut down a number of key Domain Name System (DNS) servers, which would cut Internet access for millions of Web users around the world, reports BetaBeat. The DNS servers were installed by the FBI last year, in an effort to stop the spread of a piece of malware known as DNSCharger Trojan. But the court order that allowed the setup of the replacement servers expires on March 8.

In November of last year, authorities arrested six men in Estonia for the creation and spread of DNSCharger, which reconfigures infected computers’ Internet settings, and re-routes users to websites that contain malware, or other illegal sites. DNSCharger also blocks access to websites that might offer solutions for how to rid the computer of its worm, and often comes bundled with other types of malicious software.

By the time the FBI stepped in, DNSCharger had taken over computers in more than 100 countries, including half-a-million computers in the US alone. To help eradicate the widespread malware, the FBI replaced infected servers with new, clean servers, which gave companies and individuals with infected computers time to clean DNSCharger off their machines.

Unfortunately, DNSCharger is still running on computers “at half of the Fortune 500 companies,” and at “27 out of 55 major government entities,” reports cybersecurity journalist Brian Krebs. These computers rely on the FBI-installed DNS servers to access the Web. But if the court order is not extended, the FBI will be legally required to remove the clean servers, which would cut off the Internet for users still infected with DNSCharger.

Companies or other agencies that are unsure whether their systems are infected with DNSCharger can get free assistance here. And private users can find out if they are infected using instructions provided here.

This article was originally posted on Digital Trends

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

If you entered the Anonymous IRC-network at the time this was posted, the topic of channel opGlobalBlackout was: Official Press Release: http://pastebin.com/yK79Tsgq

As you can see, the "Press Release" tells potential Anonymous-members to stop waging war, that peace is the way to go, to stop DDoS-attacks. This is, in other words, an "anti-op" designed to get potential anonymous-recruits to think about what they are doing.

There never was an operation. There was only an anti-operation, designed to get people to think.

posted by Rogers, Sun Apr 01 2012, 13:23

Instead of military assaults, today's adversaries hire coders to create attacks that can run autonomously for years, says Stephen Lawton.

History books tell us that the Cold War ended in roughly 1991 after the dissolution of the Soviet Union. But, today's security practitioners say the Cold War has simply morphed from a threat of armed conflict among major world powers into a battle of computer-savvy “troops” fighting from the comfort of offices.

Instead of countries spending billions of dollars to create new weapons, supply massive armies and spend millions of dollars (or rubles, francs or yuan) fighting conventional attacks against political, economic, religious or commercial foes, today's adversaries hire code-writers to create attacks that can run autonomously for years with little or no human intervention. By repurposing code to spawn new attacks, the cost of cyber warfare can be a fraction of the cost of a conventional war.

While China and Russia generally are considered by industry experts to be the leaders in state-sponsored cyber attacks against the United States, they are not the only countries to have sophisticated espionage infrastructures in place, says Richard Bejtlich, chief security officer at Alexandria, Va.-based Mandiant. Other nations with sophisticated capabilities include North Korea, Iran, France, Israel and, of course, the United States.

North Korea, Bejtlich says, uses technology against its neighbor, South Korea, and to make political statements against the West, generally resulting in attacks against the United States, he says. Iran primarily uses its cyber weaponry to suppress internal dissidents.

In the past, he says, U.S. politicians spoke in general terms about cyber attacks, choosing not to name those believed to be responsible. That all changed late last year when the Office of the National Counter Intelligence Executive released a report, “Foreign Spies Stealing U.S. Economic Secrets in Cyberspace,” which specifically identified China and Russia as key participants. However, the report also said U.S. allies are actively involved. “Certain allies and other countries that enjoy broad access to U.S. government agencies and the private sector conduct economic espionage to acquire sensitive U.S. information and technologies,” the report states. “Some of these states have advanced cyber capabilities.”

It cited four factors that will shape the cyber environment over the next three to five years. These are: A technological shift, including the use of smartphones, laptops and other internet-connected devices; an economic shift that changes the way corporations, government agencies and other organizations share storage, computing, networking and application resources; a cultural shift in the U.S. workforce, where younger employees mix personal and professional activities; and a geopolitical shift as globalization of the supply chain and worker access increase the ability for malicious individuals to compromise the integrity and security of computing devices.

Jared Carstensen, manager of enterprise risk services at Deloitte in Dublin, Ireland, likes to differentiate between cyber crime and cyber espionage because the end goals differ significantly. For an attack to be considered a cyber crime, he says, the adversary does so for financial gain. This typically includes attacks designed to obtain credit card or bank data. Cyber espionage, on the other hand, is designed to steal intellectual property, and/or disable or attack critical infrastructure. It often is performed for political purposes.

Spying has been around since the dawn of man, Carstensen says. Early tribes snooped on other tribes to learn where they found food. Today's sleuths also are looking for the same competitive advantage over their enemies – and even their allies.

In some countries, such as North Korea, students believed to have a propensity for math or technology are trained at an early age as cyber warriors. These academies provide the students with respectability and good pay. In China, for example, the Communist Party codified cyber warfare in 2010, and President Hu Jintao deemed cyber war a priority. Author and retired U.S. Marine Corps Lt. Col. William Hagestad says in an upcoming book that China bases its policies on the Art of War, Sun Tzu's doctrine written around 500 B.C., one of whose tenets is: Keep your friends close, but keep your enemies closer. Chinese officials, however, regularly deny they are involved in any cyber spying efforts.

In the United States, the military is also shifting its war strategy to further prioritize cyber efforts. The soldiers who pilot military drones over Pakistan and Afghanistan actually sit in control rooms at Creech Air Force Base in Nevada. This, Carstensen says, is not unlike cyber attackers who might work out of a hotel to conduct assaults.

However, the level of expertise of foreign cyber attackers varies widely from so-called script-kiddies, who download exploit software that is widely available on the internet, to experienced computer engineers who have either religious or political reasons for staging actions.

Some of these attacks are advanced persistent threats (APTs) that are designed to enter a computer system and perhaps sit dormant for a period of time. The intrusions are designed not to be noticed.

This tactic varies significantly from those of hacktivists, who attack websites with the expressed purpose of drawing attention to the site being breached. Some groups, such as Anonymous and LulzSec, have claimed credit for damage to sites they have compromised.

Unlike hacktivists, cyber spies are so concerned about flying under the radar that once they successfully enter a target system, they actually install security patches to ensure that other attackers are unable to access the system using the same vulnerability, says Daniel Teal, founder and chief technology officer of Austin, Texas-based CoreTrace and a former officer at the Air Force Information Warfare Center (AFIWC). By installing fixes, he says, the attacker will have the compromised systems all to themselves and will not have to worry about a sloppy rival alerting the IT manager that there has been a breach.

Admins might actually see their network performance improve while the attacker ensures that others are unable to infect the environment, Teal says. Because the attacker does not want to draw attention, they simply can leave a back door open so that the malware payload is not accidentally identified by the target network.

Toney Jennings, CEO of CoreTrace, adds that companies might have the equivalent of a “cyber atomic bomb” in the server that “is not doing anything bad today.” That bomb could be set off by an intruder at a later date, well after the initial breach took place. Additionally, he says companies purchasing mission-critical hardware should spot check the “guts” of the new systems, including all device drivers, for malicious code before putting them into production. Most hardware and software today is developed outside U.S. controls, so ensuring it is safe is a good business practice. “It's a valid bit of paranoia,” Jennings says.

Underscoring this concern, an FBI presentation last year detailed how counterfeit Cisco Systems networking equipment originating in China – including network routers, switches, gigabit interface converters and WAN interface cards – was being sold in the United States. “Operation Cisco Raider” resulted in the recovery of 3,500 pirated network devices valued at $3.5 million, James Finch, assistant director of the FBI's cyber division, has said.

Teal says he once discovered, by accident, a malicious device driver for a keyboard he purchased for his daughter's computer. The driver was sending personal information off his home network. He contacted the system manufacturer, Hewlett-Packard, and discovered that the kernel driver was written by a third party. Further investigations by Teal and HP determined that the manufacturer was sending data off the network simply to ensure an internet connection – a task that easily could have been accomplished by sending random data bits without using personal information.

When Bejtlich was the director of incident response at General Electric, the company had an estimated half-million computers, and no shortage of defensive technologies and staff. Even still, he says, with the full resources of a sophisticated IT team and a corporate leader who recognized the need for IT security, the company still was unable to maintain 100 percent effectiveness against intruders or persistent threats.

And now, mobile and cloud

Mandiant's Bejtlich says that despite the best intentions of CISOs and IT staffs, it is nearly impossible to keep a network of 1,000 or more endpoints safe from outside attacks.

Today, Bejtlich says, IT staffs need to address not only the needs of a company's primary computer systems, but also non-standard systems, such as smartphones and other mobile devices. While cyber espionage is normally thought of as an attack against a large computer system, many corporate executives and engineers have confidential data on their devices that might be useful to attackers.

Companies that believe they are too small or insignificant to be targeted are wrong, and do not necessarily understand how and why attacks work, says Erin Nealy Cox, managing director and deputy general counsel at Stroz Friedberg LLC and a former federal prosecutor and assistant U.S. attorney. While technology firms are obvious targets for attackers after intellectual property, small companies may be considered stepping stones.

Cox says security education is essential in companies of all sizes. Large organizations with established policies and procedures need to educate their employees on a regular basis not only about sound computing practices, but also about data and office security policies. For example, she says employees need to be reminded not to insert thumb drives they find in the parking lot or those handed to them at a trade show into a company computer. Such devices could be plants with malware on them.

“Typically,” she says, “security comes at the price of convenience.”

Even data security companies can fall prey to sophisticated attacks, she says. Within the past year, there have been several online raids on companies that specialize in data security. The reasons for the success vary, she says, but it generally falls into the category of an exploit that was allowed because someone was not paying attention to details. It might have been faulty website code or a misconfigured network, but generally the vulnerabilities could have been caught.

Scott Crawford, research director for security and risk management at Enterprise Management Associates, with corporate headquarters in Boulder, Colo., agrees that companies of all sizes could be targets. While smaller entities might not provide the breadth of information that a multinational corporation offers, it still could have secrets worth stealing, he says.

Crawford views this kind of cyber theft, be it from a state-sponsored or industrial source, to be similar to espionage conducted during the Cold War. There could be value in stealing information, he says, but “you don't want to kill the market.” One purpose for this type of espionage is to build a country's or company's own ability to compete against existing players in the field.

If it costs $50 million to develop a product, but only $2 million to steal it, some will opt for the less costly approach. This is particularly true for emerging nations that might have technical resources, but are not necessarily competitive enough to develop their own intellectual property.

Defense is all about managing a company's or a country's risk, Crawford says. Some organizations look for fast fixes to potential weaknesses without fully understanding their risk profile or the impact of their actions. A layered approach to security is necessary.

Crawford also blames guidance or regulations that do not match the threat. The Payment Card Industry Data Security Standard (PCI DSS), for example, is prescriptive and specifies to security officers how to maintain compliance, but this is only a point in time, he says. A company's compliance “can be passé or irrelevant” immediately after passing the audit.

Social networking has quickly become a major medium for communications for both individuals and organizations, but the platforms that allow the development of online personae are not without their own inherent risks.

The team over at security provider Veracode has produced an interesting and informative infographic examining the social media security basics everyone who has ventured into the online world of networking should embrace.

Follow the link above to view the complete article.

The U.N., Internet Regulator?

Private governance has the flexibility and competence needed to keep the Internet dynamic and free.

By ANDREA RENDA

Mayan prophecy predicts that the world will end on Dec. 21, 2012, but Internet users should be more worried about what will happen just a few weeks before. The World Conference on International Telecommunications (WCIT) meets in Dubai Dec. 3-14 to consider proposals that would grant authority for Internet governance to the United Nations and impose new regulations on Web traffic. If adopted, these proposals could upend the Web as we know it, undermining it as an engine for growth and dynamism for the world.

Since 1988, the Internet has been governed by private bodies. Icann, which manages domain names under the rather benevolent oversight of the U.S., is fully devoted to multiple-stakeholder participation. Government representatives only sit on an "advisory committee," while business and civil society shape the rules.

However, recent events (such as the controversial creation of a dedicated .xxx domain for adult content and Icann's plan to expand top-level domains) have created concerns among national governments—even those, such as the U.S. and the European Union, that remain fully committed to protecting the multiple-stakeholder model.

Hence the ideas for reform that other governments have put forth before the WCIT. India, Brazil and South Africa have proposed a new committee within the U.N. dedicated to Internet-related issues. This committee would oversee Icann and other nongovernmental bodies, bringing the Internet under tighter intergovernmental control but not leading to anything more than "recommendations."

China and Russia, meanwhile, have proposed a voluntary international code of conduct for information security, which arguably would serve those governments' desire to place the Internet under international regulatory control while preserving other countries' ability to opt out of undesirable agreements.

Striking a balance between these ideas and the status quo won't be easy. It is difficult to imagine a U.N.-led body that could manage the Internet effectively. Private regulation has the flexibility and competence that is needed in this field. Moreover, the Internet has become a formidable ally of democracy, often against the will of repressive governments. Placing it under government control might lead at once to inefficiencies and enhanced risk of political censorship. Why fix what isn't broken?

On the other hand, the Internet is far from perfect even if it isn't broken, and challenges are emerging with growing frequency. The Icann-led expansion of the top-level domains risks further jeopardizing the enforcement of intellectual-property rights in cyberspace, trademarks in particular. Internet freedom is increasingly being sacrificed at the altar of copyright enforcement; laws like PIPA and SOPA in the U.S., as well as similar laws in other countries and the international Anti-Counterfeiting Trade Agreement, post stop signs everywhere in cyberspace.

Privacy and security are also at risk due to a lack of adequate legal tools and coordination mechanisms, most of which would be intergovernmental and global. Some governments are very active in Internet censorship, and there is currently no way of holding these authorities accountable.

And while more than half of Internet users are located in Asia, the U.S. still has exclusivity over the Internet Assigned Numbers Authority and the root zone file, the list of all top-level domains in the Internet. Non-U.S. companies, including EU-based ones, cannot compete to become the managers of these critical resources.

There seems to be no practical or desirable alternative to a multiple-stakeholder model when it comes to the technical regulations that govern the Internet. However, Icann can be made more transparent and accountable, and its Government Advisory Committee more representative and perhaps more powerful. This would address some of the concerns expressed by national governments, who fear that they are not sufficiently involved in the operation of such a critical resource for society and the economy.

National governments should also enhance their cooperation in a number of fields, including media pluralism, fundamental rights and cybersecurity. The task of preserving and promoting diverse, independent Web media could be given to Unesco rather than a brand-new U.N. committee. Internet free speech is a matter for human-rights law: The European Court of Justice recently ruled that filtering and monitoring end-users can lead to a violation of their fundamental right to communication.

And on Web security, a global public-private partnership should be launched to increase data collection, government cooperation and mutual trust in organizing the response to new cyber threats.

More transparency and accountability for private organizations, rather than more governmental control, can help the Internet continue to grow as a resource for the whole world. More geographically balanced governance can easily co-exist with a free Internet. It would also help unmask those governments that dress their desire to limit free speech as a plea for global governance.

The economic and social advancement generated by the Internet has been and will continue to be key to the rapid development we have seen in many of the countries raising legitimate concerns. Striking the right balance will be key when the WCIT convenes in December. Assuming the Mayan prophecy is wrong, of course.

Rahim, it seems, is the victim of photo-jacking — the exploitation of photos scraped from Facebook and other Internet outlets. And Rahim isn't the only victim of image exploitation. The Straits Times reports there are at least two other women in Singapore whose social media photos showed up on the same sites where Rahim's picture appeared.